Policy file for 'aide' and/or 'tripwire'?
Tom Mitchell
mitch48 at sbcglobal.net
Tue May 4 00:51:30 UTC 2004
On Tue, May 04, 2004 at 07:27:44AM +1000, Russell Coker wrote:
....
> If there are standard locations for the tripwire database and binaries then
> let me know and I'll add them to the policy.
The below should be a fair start:
# rpm -qa | grep trip
tripwire-2.3.1-17
========
# rpm -q --list tripwire-2.3.1-17
/etc/cron.daily/tripwire-check
/etc/tripwire
/etc/tripwire/twcfg.txt
/etc/tripwire/twinstall.sh
/etc/tripwire/twpol.txt
/usr/sbin/siggen
/usr/sbin/tripwire
/usr/sbin/twadmin
/usr/sbin/twprint
/usr/share/doc/tripwire-2.3.1
/usr/share/doc/tripwire-2.3.1/COPYING
/usr/share/doc/tripwire-2.3.1/ChangeLog
/usr/share/doc/tripwire-2.3.1/README
/usr/share/doc/tripwire-2.3.1/README.RPM
/usr/share/doc/tripwire-2.3.1/Release_Notes
/usr/share/doc/tripwire-2.3.1/TRADEMARK
/usr/share/doc/tripwire-2.3.1/policyguide.txt
/usr/share/doc/tripwire-2.3.1/quickstart.gif
/usr/share/doc/tripwire-2.3.1/quickstart.txt
/usr/share/man/man4/twconfig.4.gz
/usr/share/man/man4/twpolicy.4.gz
/usr/share/man/man5/twfiles.5.gz
/usr/share/man/man8/siggen.8.gz
/usr/share/man/man8/tripwire.8.gz
/usr/share/man/man8/twadmin.8.gz
/usr/share/man/man8/twintro.8.gz
/usr/share/man/man8/twprint.8.gz
/var/lib/tripwire
/var/lib/tripwire/report
========
# cat /tmp/trip-stuff edited from "locate tripwire"
/var/lib/tripwire
/var/lib/tripwire/report
/var/lib/tripwire/report/xtl2.xtl.tenegg.com-20040303-172709.twr
....
/var/lib/tripwire/report/xtl2.xtl.tenegg.com-20040502-044143.twr
/var/lib/tripwire/report
/var/lib/tripwire/xtl2.xtl.tenegg.com.twd
/var/lib/tripwire/xtl2.xtl.tenegg.com.twd.bak
/var/lib/tripwire
/etc/cron.daily/tripwire-check
/etc/tripwire
/etc/tripwire/twinstall.sh
/etc/tripwire/twcfg.txt
/etc/tripwire/site.key
/etc/tripwire/twpol.txt
/etc/tripwire/tw.cfg
/etc/tripwire/tw.pol
/etc/tripwire/tw.cfg.5383.bak
/etc/tripwire/tw.pol.bak
/etc/tripwire/xtl2.xtl.tenegg.com-local.key
/etc/tripwire/tw.cfg.1891.bak
/etc/tripwire
/usr/sbin/tripwire
--
T o m M i t c h e l l
/dev/null the ultimate in secure storage.
More information about the fedora-selinux-list
mailing list